diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
index b84d048d..868fb48d 100644
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -1,6 +1,6 @@
 repos:
 - repo: https://github.com/antonbabenko/pre-commit-terraform
- rev: v1.99.4
+ rev: v1.100.0
 hooks:
 - id: terraform_fmt
 - id: terraform_wrapper_module_for_each
@@ -24,7 +24,7 @@ repos:
 - '--args=--only=terraform_workspace_remote'
 - id: terraform_validate
 - repo: https://github.com/pre-commit/pre-commit-hooks
- rev: v5.0.0
+ rev: v6.0.0
 hooks:
 - id: check-merge-conflict
 - id: end-of-file-fixer
diff --git a/CHANGELOG.md b/CHANGELOG.md
index f5a90da5..d74e5704 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,6 +2,13 @@ All notable changes to this project will be documented in this file.
+## [6.1.0](https://github.com/terraform-aws-modules/terraform-aws-ec2-instance/compare/v6.0.2...v6.1.0) (2025-08-22)
+
+
+### Features
+
+* Output security group ARN and ID ([#450](https://github.com/terraform-aws-modules/terraform-aws-ec2-instance/issues/450)) ([45a4380](https://github.com/terraform-aws-modules/terraform-aws-ec2-instance/commit/45a43803c408968f9f9d11b2ea63d96f6931a1e2))
+
 ## [6.0.2](https://github.com/terraform-aws-modules/terraform-aws-ec2-instance/compare/v6.0.1...v6.0.2) (2025-07-01)
diff --git a/README.md b/README.md
index bb8d90a0..850b7371 100644
--- a/README.md
+++ b/README.md
@@ -259,7 +259,7 @@ No modules.
 | [secondary\_private\_ips](#input\_secondary\_private\_ips) | A list of secondary private IPv4 addresses to assign to the instance's primary network interface (eth0) in a VPC. Can only be assigned to the primary network interface (eth0) attached at instance creation, not a pre-existing network interface i.e. referenced in a `network_interface block` | `list(string)` | `null` | no |
 | [security\_group\_description](#input\_security\_group\_description) | Description of the security group | `string` | `null` | no |
 | [security\_group\_egress\_rules](#input\_security\_group\_egress\_rules) | Egress rules to add to the security group |
map(object({
cidr_ipv4 = optional(string)
cidr_ipv6 = optional(string)
description = optional(string)
from_port = optional(number)
ip_protocol = optional(string, "tcp")
prefix_list_id = optional(string)
referenced_security_group_id = optional(string)
tags = optional(map(string), {})
to_port = optional(number)
})) | {
"ipv4_default": {
"cidr_ipv4": "0.0.0.0/0",
"description": "Allow all IPv4 traffic",
"ip_protocol": "-1"
},
"ipv6_default": {
"cidr_ipv6": "::/0",
"description": "Allow all IPv6 traffic",
"ip_protocol": "-1"
}
} | no |
-| [security\_group\_ingress\_rules](#input\_security\_group\_ingress\_rules) | Egress rules to add to the security group | map(object({
cidr_ipv4 = optional(string)
cidr_ipv6 = optional(string)
description = optional(string)
from_port = optional(number)
ip_protocol = optional(string, "tcp")
prefix_list_id = optional(string)
referenced_security_group_id = optional(string)
tags = optional(map(string), {})
to_port = optional(number)
})) | `null` | no |
+| [security\_group\_ingress\_rules](#input\_security\_group\_ingress\_rules) | Ingress rules to add to the security group | map(object({
cidr_ipv4 = optional(string)
cidr_ipv6 = optional(string)
description = optional(string)
from_port = optional(number)
ip_protocol = optional(string, "tcp")
prefix_list_id = optional(string)
referenced_security_group_id = optional(string)
tags = optional(map(string), {})
to_port = optional(number)
})) | `null` | no |
| [security\_group\_name](#input\_security\_group\_name) | Name to use on security group created | `string` | `null` | no |
| [security\_group\_tags](#input\_security\_group\_tags) | A map of additional tags to add to the security group created | `map(string)` | `{}` | no |
| [security\_group\_use\_name\_prefix](#input\_security\_group\_use\_name\_prefix) | Determines whether the security group name (`security_group_name` or `name`) is used as a prefix | `bool` | `true` | no |
@@ -310,6 +310,8 @@ No modules.
| [public\_dns](#output\_public\_dns) | The public DNS name assigned to the instance. For EC2-VPC, this is only available if you've enabled DNS hostnames for your VPC |
| [public\_ip](#output\_public\_ip) | The public IP address assigned to the instance, if applicable. |
| [root\_block\_device](#output\_root\_block\_device) | Root block device information |
+| [security\_group\_arn](#output\_security\_group\_arn) | Amazon Resource Name (ARN) of the security group |
+| [security\_group\_id](#output\_security\_group\_id) | ID of the security group |
| [spot\_bid\_status](#output\_spot\_bid\_status) | The current bid status of the Spot Instance Request |
| [spot\_instance\_id](#output\_spot\_instance\_id) | The Instance ID (if any) that is currently fulfilling the Spot Instance request |
| [spot\_request\_state](#output\_spot\_request\_state) | The current request state of the Spot Instance Request |
diff --git a/outputs.tf b/outputs.tf
index 3b6a9818..4b3292fa 100644
--- a/outputs.tf
+++ b/outputs.tf
@@ -230,3 +230,17 @@ output "ephemeral_block_device" {
null
)
}
+
+################################################################################
+# Security Group
+################################################################################
+
+output "security_group_arn" {
+ description = "Amazon Resource Name (ARN) of the security group"
+ value = try(aws_security_group.this[0].arn, null)
+}
+
+output "security_group_id" {
+ description = "ID of the security group"
+ value = try(aws_security_group.this[0].id, null)
+}
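Review bot: Both new outputs fall back to `null` through `try(aws_security_group.this[0]..., null)`, but neither description says so, so a caller that wires `security_group_id` into another resource gets no hint that the value can be absent. I would state it in the text, e.g. `description = "ID of the security group created by this module, or null when none is created"`, and the same for `security_group_arn`. The `[0]` index suggests the resource is count-gated, but its definition is outside this diff, so the exact condition should be confirmed before wording it. `try()` also swallows any other evaluation error on that expression; that appears to match the pattern closing `ephemeral_block_device` just above, so keeping it is a consistency choice rather than a defect.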
diff --git a/variables.tf b/variables.tf
index a95ae995..8df6532c 100644
--- a/variables.tf
+++ b/variables.tf
@@ -563,7 +563,7 @@ variable "security_group_egress_rules" {
}
variable "security_group_ingress_rules" {
- description = "Egress rules to add to the security group"
+ description = "Ingress rules to add to the security group"
type = map(object({
cidr_ipv4 = optional(string)
cidr_ipv6 = optional(string)